CVE-2014-7838

2014-11-2400:00:00

ubuntu.com

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS

0.002

Percentile

52.7%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum
module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6,
and 2.7.x before 2.7.3 allow remote attackers to hijack the authentication
of arbitrary users for requests that set a tracking preference within (1)
mod/forum/deprecatedlib.php, (2) mod/forum/forum.js, (3)
mod/forum/index.php, or (4) mod/forum/lib.php.